dependabot[bot]
7342a71265
Bump actions/checkout from 2 to 3 ( #299 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:34 +02:00
Christian Banse
8cde7faf81
Added dependabot updates for GitHub actions ( #298 )
2023-03-31 13:26:46 +02:00
Michael Fridman
15f96b0627
Add golangci-lint ( #279 )
...
* Add golangci-lint-action
* Upgrading CodeQL to v2
* Fixed linting errors
---------
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:20:59 +02:00
dillonstreator
843e9bfe4d
add documentation to hmac `Verify` & `Sign` to detail why string is not an advisable input for key ( #249 )
...
* add documentation around Verify & Sign to detail why string is not an advisable input for key
* Refer to the usage guide
---------
Co-authored-by: Dillon Streator <dillonstreator@Dillons-2nd-MacBook-Pro.local>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:19:48 +02:00
Christian Banse
1c4047f488
Adjusting the error checking example ( #270 )
...
This PR adjusts the error checking example so that a check for an invalid signature is also included.
See discussion in #143
2023-03-24 23:11:38 +01:00
Christian Banse
b357385d3e
Moving `DecodeSegement` to `Parser` ( #278 )
...
* Moving `DecodeSegement` to `Parser`
This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.
We keep the functions exported because of explicit user demand.
* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
Liam Newman
c6ec5a22b4
Update MIGRATION_GUIDE.md ( #289 )
...
* Update MIGRATION_GUIDE.md
Saw one typo, spent a few minutes improving a few paragraphs.
2023-03-24 19:10:52 +01:00
Mones Zarrugh
0d2f0d4809
remove string slice and strings.join ( #115 )
2023-02-21 21:28:00 -05:00
Christian Banse
148d710109
`v5` Pre-Release ( #234 )
...
Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-02-21 14:32:25 +01:00
Christian Banse
4fd5621d8d
Added GitHub Actions Markdown ( #260 )
2023-02-19 14:01:18 +01:00
Alexander Yastrebov
9358574a7a
Allow strict base64 decoding ( #259 )
...
By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.
This creates a potential problem if application treats token value as an identifier.
For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.
This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.
See also https://github.com/golang/go/issues/15656 .
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2022-12-09 18:04:03 +01:00
Christian Banse
2f0984a28b
Using `tparse` for nicer CI test display ( #251 )
2022-11-29 10:00:41 -05:00
Christian Banse
2101c1f4bc
No pointer embedding in the example ( #255 )
...
Fixes #223
2022-11-08 15:43:45 +01:00
Krouton
35053d4e20
Removed unneeded if statement ( #241 )
2022-10-15 14:38:07 +02:00
Jacob Kopczynski
0c4e387985
Add doc comment to ParseWithClaims ( #232 )
2022-09-26 10:01:52 -04:00
Christian Banse
bfea432b1a
Include https://github.com/golang-jwt/jwe in README ( #229 )
2022-08-20 17:04:58 +02:00
Michael Fridman
d81acbf7f3
Bump matrix to support latest go version (go1.19) ( #231 )
...
* Bump matrix to support latest go version (go1.19)
* Fix comment
2022-08-20 16:53:04 +02:00
Hugo
fdaf0eb0e0
Implement a BearerExtractor ( #226 )
...
* Implement a BearerExtractor
This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.
This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.
* Ignore case-sensitivity for "Bearer"
2022-08-19 13:59:36 +02:00
KroKite
f2878bb94b
fix: link update for README.md for v4 ( #217 )
...
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-08-15 12:45:52 +02:00
George Kechagias
9294af54b5
chore: remove unused claims in RSA table driven test ( #212 )
2022-06-04 08:03:41 -04:00
Qian Qiao
2da0bf7566
Fixed integer overflow in NumericDate.MarshalJSON ( #200 )
2022-06-03 22:13:34 -04:00
Christian Banse
8fb42696ff
Update SECURITY.md ( #207 )
2022-05-28 21:53:11 +02:00
Michael Fridman
cf43decf7c
Create SECURITY.md ( #171 )
2022-05-28 12:40:34 -04:00
Michael Fridman
4426925f0c
CI check for Go code formatting ( #206 )
...
Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
2022-05-28 16:03:15 +02:00
Håvard Anda Estensen
f6c6299f67
chore: replace ioutil with io and os ( #198 )
2022-05-27 19:11:16 -04:00
Luigi Morel
89a6400b7f
add installation guidelines to the README file ( #204 )
2022-05-27 19:07:25 -04:00
Vladislav Polyakov
6e2ab4291f
docs: update link to pkg.go.dev page ( #195 )
2022-04-19 17:45:50 +02:00
Christian Banse
83478b3c8f
Added MicahParks/keyfunc to extensions ( #194 )
2022-04-18 22:01:59 +02:00
Michael Fridman
0972257eba
Revert "feat: port clockskew support ( #139 )" ( #184 )
...
This reverts commit d489c99d3e
.
2022-03-26 10:13:03 -04:00
Michael Fridman
1096e506e6
Add go1.18 to ci pipeline ( #173 )
2022-03-18 07:15:45 -04:00
ksegun
d489c99d3e
feat: port clockskew support ( #139 )
...
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
ydylla
6de17d3b3e
fix: expired token error message ( #165 )
2022-02-15 08:31:33 -05:00
Michael Fridman
279dd19720
Set json encoding precision ( #162 )
2022-02-09 21:54:31 -05:00
Giau. Tran Minh
863d23d08a
fix: fixed typo detect by cSpell ( #164 )
2022-02-09 13:14:42 -03:00
Michael Fridman
2387103809
Add JWT logo image attribution ( #161 )
2022-02-08 22:35:49 -05:00
Máté Lang
d0c0939ff8
updated README.md to contain more extensions ( #155 )
...
* updated README.md to contain more extensions
* Update README.md
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:49:22 -03:00
hyeonjae
e01ed05a31
remove unnecessary for loop in token signing string for readability ( #34 )
...
* remove unnecessary for loop in token signing string for readability
- add testcase
- add benchmark
- improve performance slightly
* Fix benchtests on token_test.go
* Update token_test.go to v4
Co-authored-by: hyeonjae <hyeonjae@ip-192-168-1-3.ap-northeast-2.compute.internal>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:47:58 -03:00
Christian Banse
78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking ( #136 )
2022-01-19 22:55:19 +01:00
Stefan Tudose
0fb40d3824
use errors.Is for extractor errors ( #141 )
2021-12-15 12:50:05 +01:00
tfonfara
c435f38291
#129 : Added VerifyIssuer method to RegisteredClaims ( #130 )
2021-11-24 14:27:41 +01:00
Alexander Yastrebov
a725c1f60c
cmd: list supported algorithms (-alg flag) ( #123 )
2021-11-16 09:00:45 -05:00
Kevin de Berk
823c014036
Unwrap for ValidationError ( #125 )
2021-11-15 09:25:32 -05:00
Alexander Yastrebov
1275a5b909
Allow `none` algorithm in jwt command ( #121 )
2021-11-10 07:33:04 +01:00
ajermaky
f4865cddea
Revert Encoding/Decoding changes for better compatibility ( #117 )
2021-11-06 07:21:20 -04:00
Alexander Yastrebov
9c3665f0fc
Fixes jwt command to support EdDSA algorithm ( #118 )
...
Fixes
```
$ echo '{"foo":"bar"}' | jwt -key test/ed25519-private.pem -alg EdDSA -sign -
Error: error signing token: key is of invalid type
```
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2021-11-03 09:14:30 -04:00
PiotrKozimor
a2aa655627
Fix int64 overflow in newNumericDateFromSeconds ( #112 )
2021-10-26 21:14:01 -04:00
Sebastien Rosset
c0ffb890f3
Improve code comments, including security consideration ( #107 )
...
* improve code comments, including security consideration
* Add link to URL with details about security vulnerabilities.
* Update token.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
* Update token.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
* update code comments
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-10-15 09:48:31 -03:00
Christian Banse
65357b9e5b
Introducing functional-style options for the Parser type ( #108 )
2021-10-13 19:36:33 +02:00
Ichinose Shogo
cac353cdc2
fix the comment of VerifyExpiresAt ( #109 )
2021-10-09 18:17:39 -03:00
Sebastien Rosset
fd8cd69d8e
Adjusted `parser_test.go` to include RSA and ECDSA tokens ( #106 )
2021-09-24 21:32:29 +02:00